Methods and systems for facilitating joint submissions

ABSTRACT

Methods, systems, and devices for facilitating joint submissions. In an example embodiment, a system may facilitate a joint submission from multiple devices. For example, a primary device may receive data for a joint submission with a peripheral device, and the data may be segmented into sensitive and non-sensitive data.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.17/166,232, filed Feb. 3, 2021, which is a continuation of U.S. patentapplication Ser. No. 16/599,800, filed Oct. 11, 2019, which is acontinuation of and claims priority to U.S. patent application Ser. No.16/529,385, filed Aug. 1, 2019, each of which applications isincorporated herein in its entirety by reference.

BACKGROUND

In recent years, the availability and functionality of mobile deviceshas grown exponentially. However, despite the increase in both theavailability and functionality of mobile devices, some tasks are stilldifficult to perform using mobile technology. In particular, whilesharing data through mobile devices has become easier, ensuring thesecurity of that data has become more difficult.

SUMMARY

In some example embodiments, methods, systems, and devices are disclosedherein for facilitating joint submissions in a secure and privatemanner. Specifically, example methods, systems, and devices innovate bysegmenting data into multiple categories and applying different securityor privacy protections. As functionality of devices, and in particularmobile technology, advances to allow users more collaborativeexperiences, a need to provide a more refined approach to protections isneeded. This is especially true in instances where sensitive data mayneed to be transmitted securely and privately from point A to point B,but with intermediate users accessing and/or viewing portions of thedata between point A and point B.

In one aspect, a system according to an example embodiment mayfacilitate joint submissions for multiple devices (e.g., a primarydevice and a peripheral device). The primary device may receive a firstuser input initiating a joint submission with the peripheral device. Forexample, the primary and/or the peripheral devices may constitute mobiledevices operated by two users. The primary device may be associated witha user profile for a primary user (e.g., a user account of the primaryuser) and the peripheral device may be associated with a user profilefor a peripheral user (e.g., a user account for the peripheral user).The joint submission may require a first portion of submission dataassociated with the primary user and a second portion of submission dataassociated with the peripheral user. For example, the primary user andperipheral user may be collaborating on a project that requires bothusers to submit sensitive data that they may want to protect from thirdparties as well as each other.

In response to the first user input, the primary device may generate fordisplay a Quick Response Code (QR code) code. The QR code may act as afirst security measure for facilitating the joint submission. Thisinitial security measure can facilitate joint submissions between mobiledevices as the QR code can be generated to include specific detailsabout the joint submission and can transfer those details through theuse of a QR code scanner on the peripheral device.

In response to the peripheral device interpreting the QR code associatedwith the joint submission using a QR code scanner, the system canactivate a temporary device session between the primary device and theperipheral device based on the QR code. In some embodiments, either theprimary or peripheral user may additionally or alternatively input datainto their respective devices to activate the temporary device session.For example, in response to interpreting the QR code (or receiving aconfirmation that the QR code has been received and/or accepted), theprimary and/or peripheral device may query its respective usersregarding activating the temporary device session. This query mayintroduce an additional security measure (e.g., a request for a jointsubmission or temporary device session password).

While the temporary device session is active, the primary device mayreceive a second submission package from the peripheral device forcombination with a first submission package for the primary device. Thesecond submission package may include peripheral user data included inthe required second portion of submission data and the required secondportion of submission data may be segmented into sensitive dataassociated with the peripheral user and non-sensitive data associatedwith the peripheral user. In some embodiments, the sensitivity of thisdata may differ depending on the particular user. For example, whiledata may be required for the joint submission, the peripheral user maynot wish to share this data with the primary user. Because of thecollaborative nature of the joint submission, it may be necessary forthe peripheral user to first share this information with the primaryuser (or at least the primary device) prior to completion of the jointsubmission. Because of this, the system may tag the sensitive data inone or more ways to designate for whom this data is sensitive, whatdevice can receive, what device can display, what device may modify,etc. By segmenting the data (or categories of data), and tagging thedata (or categories of data) in this manner, the devices may participatein a joint submission while ensuring both the security of the data andprivacy of the users to third-parties (whether authorized orunauthorized) and each other. For example, the sensitive data associatedwith the peripheral user may (e.g., based on the assigned tags) not beviewable by the primary device, but may still be receivable by theprimary device (e.g., for incorporation into the joint submission).Likewise, the non-sensitive data associated with the peripheral user may(e.g., based on the assigned tags) both be receivable and viewable bythe primary device.

The primary device may then receive primary user data from the primaryuser. For example, the primary device may receive data inputted by theprimary user into a user interface of the primary device and/or mayretrieve information about the primary user from a user profile of theprimary user. The primary device may then verify that the primary userdata includes the required first portion of submission data. Forexample, in order to facilitate the joint submission in which thereceipt of, and/or ability to view, the data may be limited by itssensitivity, the primary device may verify that the primary user dataincludes the required first portion. Likewise, the peripheral device mayverify that the peripheral user data includes the required secondportion of submission data. By requiring each device to self-verify, oroff-loading this operation to a third party (e.g., a server with accessto any sensitive information), both the security and privacy concerns ofthe primary and peripheral users are met.

The primary device may then generate a first submission package for theprimary device. The first submission package may include the requiredfirst portion of submission data included in the first data, and thefirst submission package may be combined (e.g., either at the primarydevice or at a remote server) with the second submission package tocreate a joint submission package. The primary device may then submit(or initiate the submission if the joint submission package is alreadyremotely stored) the joint submission package. By combining the firstsubmission package and the second submission package, while maintainingthe individual security and privacy of the primary and peripheral users(even from each other), the system has facilitated a more collaborativeexperience without sacrificing the security or privacy of the users.

In some embodiments, the primary device may generate a notification forthe peripheral device that indicates that the second submission packagehas been received. This notification may include non-sensitive dataassociated with the primary user and may be transmitted to theperipheral device. Additionally, this notification may end the temporarydevice session. Alternatively, the temporary device session may be endedby the primary device upon receipt of the second portion of submissiondata or upon submission of the joint submission package. By ending thetemporary device session following the notification, receipt, orsubmission, any potential security or privacy concern regarding an opendevice session is ended. If the temporary device session needs to bere-opened (e.g., in order to receive modification to the secondsubmission package from the peripheral device) or a new temporary devicesession needs to be created, the primary device may generate a new QRcode as discussed above. This QR code may contain the same informationas the previous QR code and/or additional information that adds orrestricts the actions of the temporary device session.

In some embodiments, the primary device may be further configured toaggregate data in corresponding categories of the first submissionpackage and the second submission package. For example, the jointsubmission may require data entered by the primary and peripheral userto be aggregated. If this data is sensitive (and thus not accessibleand/or viewable) by the other user, this operation may not be possibleunless the data needed to be aggregated has been previously segmentedand/or tagged. Accordingly, the peripheral device (or a remote server)may segment the sensitive data associated with the peripheral user intoa first portion of sensitive data associated with the peripheral userand a second portion of sensitive data associated with the peripheraluser, in which the first portion of sensitive data associated with theperipheral user is in a category of sensitive data that requires itsvalues to be aggregated with values of sensitive data associated withthe primary user in a respective category, and in which the secondportion of sensitive data associated with the peripheral user is in acategory of sensitive data that does not require its values to beaggregated with values of sensitive data associated with the primaryuser in a respective category. The primary device may then identify(e.g., based on tags) the first portion of sensitive data associatedwith the peripheral user and the second portion of sensitive dataassociated with the peripheral user. In response to identifyingsensitive data associated with the peripheral user in the first portionof sensitive data associated with the peripheral user, the primarydevice (or a remote server) may aggregate a value of the first portionof sensitive data with a value of sensitive data associated with theprimary user. By segmenting, tagging, and aggregating in this manner(which does not involve displaying the underlying data), the securityand privacy concerns of the users are maintained even in instances wheresensitive data requires aggregation.

Various other aspects, features, and advantages will be apparent throughthe detailed description and the drawings attached hereto. It is also tobe understood that both the foregoing general description and thefollowing detailed description are examples and not restrictive of thescope of the invention. As used in the specification and in the claims,the singular forms of “a,” “an,” and “the” include plural referentsunless the context clearly dictates otherwise. In addition, as used inthe specification and the claims, the term “or” means “and/or” unlessthe context clearly dictates otherwise. Additionally, as used in thespecification “a portion,” refers to a sub-part of, or the entirety of,a given item (e.g., data) unless the context clearly dictates otherwise.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a system for initiating joint submissions in user devices,in accordance with one or more embodiments.

FIG. 2 shows a system for facilitating joint submissions in userdevices, in accordance with one or more embodiments.

FIG. 3 shows a flowchart for transmitting a submission package forcombination with another submission package, in accordance with one ormore embodiments.

FIG. 4 shows a flowchart for generating a submission package for a userdevice, in accordance with one or more embodiments.

FIG. 5 shows a flowchart of the steps involved in activating a temporarydevice session using QR codes, in accordance with one or moreembodiments.

FIG. 6 shows a flowchart of the steps involved in initiating a jointsubmission using a QR code, in accordance with one or more embodiments.

DETAILED DESCRIPTION OF THE DRAWINGS

In the following description, for the purposes of explanation, numerousspecific details are set forth in order to provide an understanding ofexample embodiments. It will be appreciated, however, by those havingskill in the art that embodiments may be practiced without thesespecific details or with an equivalent arrangement.

FIG. 1 shows a system for facilitating joint submissions in userdevices, in accordance with one or more embodiments. As shown in FIG. 1, system 100 may include primary device 104 and peripheral device 102(e.g., mobile or other user devices). While shown as smartphones in FIG.1 , it should be noted that primary device 104 and/or peripheral device102 may be any computing device, including, but not limited to, apersonal computer (PC), a laptop computer, a tablet computer, ahand-held computer, other computer equipment (e.g., a server), including“smart,” wireless, wearable, and/or mobile devices. FIG. 1 also includesserver 106. Server 106 may alternatively be any computing device asdescribed above and may include any type of mobile terminal, fixedterminal, or other device. It should also be noted that system 100 isnot limited to three devices. Users may, for instance, utilize one ormore other devices to interact with one another, one or more servers, orother components of system 100. It should be noted that, while one ormore operations are described herein as being performed by particularcomponents of system 100, those operations may, in some embodiments, beperformed by other components of system 100. As an example, while one ormore operations are described herein as being performed by components ofprimary device 104, those operations may, in some embodiments, beperformed by components of server 106. In some embodiments, the variouscomputers and systems described herein may include one or more computingdevices that are programmed to perform the described functions.

With respect to the components of peripheral device 104, primary device102, and server 106, each of these devices may receive content and datavia input/output (hereinafter “I/O”) paths. Each of these devices mayalso include processors and/or control circuitry to send and receivecommands, requests, and other suitable data using the I/O paths. Thecontrol circuitry may comprise any suitable processing circuitry. Eachof these devices may also include a user input interface and/or displayfor use in receiving and displaying data. For example, as shown in FIG.1 , both primary device 104 and peripheral device 102 include a displayupon which to display data. Additionally, as primary device 104 andperipheral device 102 are shown as touchscreen smartphones, thesedisplays also act as user input interfaces. It should be noted that insome embodiments, the devices may have neither user input interface nordisplays and may instead receive and display content using anotherdevice (e.g., a dedicated display device such as a computer screenand/or a dedicated input device such as a remote control, mouse, voiceinput, etc.). Additionally, the devices in system 100 may run a jointsubmission application (or another suitable program). The applicationmay cause the processors and/or control circuitry to perform operationsrelated to the joint submission. For example, the processors may beprogrammed to provide information processing capabilities in thecomputing devices. As such, the processors may include one or more of adigital processor, an analog processor, a digital circuit designed toprocess information, an analog circuit designed to process information,a state machine, and/or other mechanisms for electronically processinginformation. In some embodiments, the processors may include a pluralityof processing units. These processing units may be physically locatedwithin the same device, or the processors may represent processingfunctionality of a plurality of devices operating in coordination.

Each of these devices may also include electronic storages. Theelectronic storages may include non-transitory storage media thatelectronically stores information. The electronic storage media of theelectronic storages may include one or both of (i) system storage thatis provided integrally (e.g., substantially non-removable) with serversor client devices or (ii) removable storage that is removablyconnectable to the servers or client devices via, for example, a port(e.g., a USB port, a firewire port, etc.) or a drive (e.g., a diskdrive, etc.). The electronic storages may include one or more ofoptically readable storage media (e.g., optical disks, etc.),magnetically readable storage media (e.g., magnetic tape, magnetic harddrive, floppy drive, etc.), electrical charge-based storage media (e.g.,EEPROM, RAM, etc.), solid-state storage media (e.g., flash drive, etc.),and/or other electronically readable storage media. The electronicstorages may include one or more virtual storage resources (e.g., cloudstorage, a virtual private network, and/or other virtual storageresources). The electronic storage may store software algorithms,information determined by the processors, information obtained fromservers, information obtained from client devices, or other informationthat enables the functionality as described herein.

FIG. 1 also includes communication paths 108, 110, and 112.Communication paths 108, 110, and 112 may include the Internet, a mobilephone network, a mobile voice or data network (e.g., a 4G or LTEnetwork), a cable network, a public switched telephone network, or othertypes of communications network or combinations of communicationsnetworks. Communication paths 108, 110, and 112 may separately ortogether include one or more communications paths, such as a satellitepath, a fiber-optic path, a cable path, a path that supports Internetcommunications (e.g., IPTV), free-space connections (e.g., for broadcastor other wireless signals), or any other suitable wired or wirelesscommunications path or combination of such paths. Paths 108 and 110 aredrawn with dotted lines to indicate that in the exemplary embodimentshown in FIG. 1 , it is a wireless path and path 112 is drawn with asolid line to indicate the presence of a temporary device session. Thecomputing devices may include additional communication paths linking aplurality of hardware, software, and/or firmware components operatingtogether. For example, the computing devices may be implemented by acloud of computing platforms operating together as the computingdevices.

In FIG. 1 , system 100 is initiating a joint submission (e.g., theapplication for a joint bank account) between multiple devices (e.g.,primary device 104 and a peripheral device 102). For example, users ofprimary device 104 and a peripheral device 102 may be collaborating tofill out a joint bank account application. Using primary device 104 anda peripheral device 102, each user may enter information necessary tocomplete the joint bank account. For example, the primary device mayreceive a first user input initiating a joint submission with theperipheral device. For example, a primary user that is operating primarydevice 104 may select a link displayed on primary device 104 thatinitiates a joint submission of an application for a joint bank accountwith a peripheral user operating peripheral device 102.

The primary device may be associated with a user profile for a primaryuser (e.g., a user account of the primary user) and the peripheraldevice may be associated with a user profile for a peripheral user(e.g., a user account for the peripheral user). The joint submission mayrequire a first portion of submission data associated with the primaryuser and a second portion of submission data associated with theperipheral user. For example, in order to complete the joint submission(e.g., the joint bank account application), the primary user andperipheral user may need to enter personal information such as name,social security number, annual income, demographic information, etc.Some of this information may be sensitive data. As referred to herein,sensitive data includes data the owner of which does not wish to bepublicly disclosed to third-parties and/or to the other user forsecurity and/or privacy reasons. For example, while the peripheral usermay not be concerned with disclosing his name to the other user, theperipheral user may be concerned with disclosing his social security orannual income to the other user.

In some embodiments, the categories of data that are considered“sensitive” may be designated by the owner of the data (e.g., the useroperating primary device 104 or peripheral device 102), designated byuser preference or settings (e.g., as found in a user profile or useraccount for the user operating primary device 104 or peripheral device102), designated by a third party (e.g., a service that provides thejoint submission platform and/or receives the joint submission), and/orbased on predetermined application settings (e.g., the application towhich the joint submission is submitted may automatically categorizesome information as sensitive). In some embodiments, any data that couldpotentially identify a specific individual, any information that can beused to distinguish one person from another, and/or any information thatcan be used for de-anonymizing anonymous data may be consideredsensitive.

In response to a first user input (e.g., requesting to begin a jointsubmission), the primary device may generate for display a QuickResponse Code (QR code) such as QR code 114. It should be noted that anyalphanumeric, matrix-based, or other code scheme may be suitable. QRcode 114 may be converted into a useful form by peripheral device 102.For example, in response to peripheral device 112 scanning QR code 114on primary device 104, peripheral device 102 can interpret QR code 114and convert it into instructions for facilitating the joint submissionand/or opening a temporary device session. For example, in response tothe first user input, primary device 104 may have launched a temporarydevice session. Peripheral device 102 may convert QR code 114 into a URLthat, when accessed, provides instructions, login credentials, access toa downloadable content (e.g., a joint submission application) and/orother information related to the joint submission and/or joining thedevice session launch by primary device 104.

Upon interpreting QR code 114 with a QR code scanner, peripheral device102 can activate (e.g., join) the temporary device session primarydevice 104. In some embodiments, either the primary or peripheral usermay additionally or alternatively input data into their respectivedevices to activate the temporary device session. For example, inresponse to interpreting the QR code (or receiving a confirmation thatthe QR code has been received and/or accepted), the primary and/orperipheral device may query its respective users regarding activatingthe temporary device session. This query may introduce an additionalsecurity measure (e.g., a request for a joint submission or temporarydevice session password).

FIG. 2 shows a system for facilitating joint submissions in userdevices, in accordance with one or more embodiments. In particular,system 200 illustrates the state of the system after the temporarydevice session is active.

For example, while the temporary device session is active, primarydevice 104 and peripheral device 102 may share information related tothe joint submission. For example, primary device 104 may receive asecond submission package from peripheral device 102, and primary device104 may combine the second submission package with a first submissionpackage. Additionally, primary device 104 and peripheral device 102 maygain access to other devices (e.g., server 106). For example, whiletemporary device session is active, primary device 104 and peripheraldevice 102 may be able to securely transfer encrypted data (e.g., therespective submission packages and/or other data) between each otherand/or server 106. It should be noted that primary device 104,peripheral device 102, and/or server 106 may encrypt data using publickey or symmetric key encryption and may use 56-bit or higher encryption.

Furthermore, server 106 may store drafts of the joint submission as datarelated to the joint submission is received from primary device 104 andperipheral device 102. Server 106 may store the joint submission as adraft, and the draft may be accessible by primary device 104 andperipheral device 102 while the temporary device session remains active.In some embodiments, certain operations may be off-loaded to server 106(e.g., data verification steps as discussed below).

Additionally or alternatively, while the temporary device session isactive, primary device 104 may receive a second submission package fromperipheral device 102 for combination with a first submission packagefor primary device 104. For example, as part of the joint submission,primary device 104 may receive a portion of data (e.g., the portion ofthe joint submission feature the data from the peripheral user) fromperipheral device 102 for incorporation into the joint submission.

For example, the second submission package may include peripheral userdata included in the required second portion of submission data. Itshould be noted that depending on the algorithm used, the requiredportions of submission data may refer to the underlying values or thecategories of values. For example, in some embodiments, verification ofthe required portion of submission data may include validating that arequired category of data has been received. That is, the verificationmay require ensuring that a required field is populated with a datavalue. Alternatively or additionally, the verification of the requiredportion of submission data may include validating both the presence ofdata value, and also the accuracy of the data value. For example, theverification step performed by primary device 104, peripheral device102, and/or server 106 may include verifying that a value in the socialsecurity number field is the correct social security number of a userassociated with the portion of submission data.

The required second portion of submission data may also be segmentedinto sensitive data associated with the peripheral user andnon-sensitive data associated with the peripheral user. For example, asshown in FIG. 2 , peripheral device 102 has received sensitive data 120and non-sensitive data 118. In some embodiments, the sensitivity of thisdata may differ depending on the particular user. For example, thedesignation of sensitive data 120 as sensitive may have come from a useroperating peripheral device 102. Because of this, the system may tag thesensitive data in one or more ways to designate to whom this data issensitive, what device can receive, what device can display, what devicemay modify, etc. By segmenting the data (or categories of data), andtagging the data (or categories of data) in this manner, the devices mayparticipate in a joint submission while ensuring both the security ofthe data and privacy of the users to third-parties (whether authorizedor unauthorized) and each other. For example, as shown in FIG. 2 ,sensitive data 120 is not displayed on primary device 104 (althoughnon-sensitive data 118 is displayed).

As shown in FIG. 2 , the sensitive data associated with the peripheraluser may not be viewable by primary device 104 but may still bereceivable by the primary device (e.g., for incorporation into the jointsubmission). For example, while sensitive data 120 may have beenreceived by primary device 104, it is not necessarily viewable and/oraccessible by a user of primary device 104. Likewise, non-sensitive data118 is both receivable and viewable by primary device 102 as shown inFIG. 2 . For example, primary device 104 has used non-sensitive data 118to generate notification 116 on primary device 104. Notably, becausesensitive data 120 is not accessible and/or viewable by a user operatingprimary device 104, sensitive data 120 is not used for generatingnotification 116. Additionally, a user operating primary device 104could not view and/or access this data while reviewing the jointsubmission or data relating to the joint submission received fromperipheral device 102. That is, while the required second portion ofsubmission data may be stored on primary device 104, the jointsubmission application or encryption scheme prevents a user fromaccessing sensitive data 120 from primary device 104.

Primary device 104 may then receive primary user data from the primaryuser. For example, primary device 104 may receive data inputted by theprimary user into a user input interface of primary device 104. Forexample, as shown in FIG. 2 , primary device 104 is a touchscreensmartphone and thus primary device 104 may receive user inputs via thetouchscreen display. Alternatively or additionally, primary device 104may retrieve information about the primary user from a user profile ofthe primary user. For example, as part of the joint submission process,the users of primary device 104 and peripheral device 102 may have (orbe required to create) user profiles. These user profiles may be linkedto a user account for the respective user of the service provider of thejoint submission application (or the service provider to which the jointsubmission is to be submitted). Primary device 140, peripheral device102, and/or server 106 may access this profile and/or account toretrieve data to complete the joint submission. For example, using theuser profile and/or user account for each respective user, the jointsubmission application may autofill the respective portions of requiredsubmission data to create the respective submission packages.

Primary device 104 may then verify that the primary user data includesthe required first portion of submission data. For example, in order tofacilitate the joint submission in which the receipt of, and/or abilityto view, the data may be limited by its sensitivity, primary device 104may verify that the primary user data includes the required firstportion. Likewise, peripheral device 102 may verify that the peripheraluser data includes the required second portion of submission data.Alternatively or additionally, each device may self-verify or off-loadthis operation to a third-party and/or other authorized entity (e.g.,server 106).

Primary device 104 may then generate a first submission package forprimary device 104. The first submission package may include therequired first portion of submission data included in the first data,and the first submission package may be combined (e.g., either atprimary device 104 or at server 106) with the second submission packageto create a joint submission package. Primary device 104 may then submit(or initiate the submission if the joint submission package is alreadystored at server 106) the joint submission package.

In some embodiments, primary device 104 may generate a notification(e.g., similar to notification 116) for peripheral device 102 thatindicates that the second submission package has been received. Thisnotification may include non-sensitive data associated with the primaryuser (e.g., the name of the primary user) and may be transmitted toperipheral device 102. Additionally, this notification may end thetemporary device session. Alternatively, the temporary device sessionmay be ended by the primary device upon receipt of the second portion ofsubmission data (e.g., simultaneously with the generation ofnotification 116) or upon submission of the joint submission package.Notably, if the temporary device session needs to be re-opened (e.g., inorder to receive modification to the second submission package fromperipheral device 106) or a new temporary device session needs to becreated, primary device 104 may generate a new QR code as discussedabove. This QR code may contain the same information as the previous QRcode and/or additional information that adds or restricts the actions ofthe temporary device session.

In some embodiments, primary device 104 may be further configured toaggregate data in corresponding categories of the first submissionpackage and the second submission package. For example, the jointsubmission may require data entered by the primary and peripheral userto be aggregated. If this data is sensitive (and thus not accessibleand/or viewable) by the other user, this operation may not be possibleunless the data needed to be aggregated has been previously segmentedand/or tagged. Accordingly, peripheral device 102 (or server 106) maysegment the sensitive data associated with the peripheral user into afirst portion of sensitive data associated with the peripheral user anda second portion of sensitive data associated with the peripheral user,in which the first portion of sensitive data associated with theperipheral user is in a category of sensitive data that requires itsvalues to be aggregated with values of sensitive data associated withthe primary user in a respective category, and in which the secondportion of sensitive data associated with the peripheral user is in acategory of sensitive data that does not require its values to beaggregated with values of sensitive data associated with the primaryuser in a respective category.

Additionally or alternatively, the joint submission application (orperipheral device 102) may encrypt the tags and/or data needing to beaggregated differently than other data. For example, primary device 104may have the encryption key for the encryption of the tags and use it todecrypt the tags, while the underlying data remains encrypted. With thetags decrypted, primary device 104 may identify the data that needs tobe aggregated.

After primary device 104 identifies (e.g., based on tags) the firstportion of sensitive data associated with the peripheral user and thesecond portion of sensitive data associated with the peripheral user,primary device 104 may process the underlying values. In response toidentifying sensitive data associated with the peripheral user in thefirst portion of sensitive data associated with the peripheral user,primary device 104 (or server 106) may aggregate a value of the firstportion of sensitive data with a value of sensitive data associated withthe primary user. Processing these values to perform the aggregation mayinclude further decryption and/or may involve other security protocols(e.g., transmitting the data to server 106 and/or submitting the jointsubmission package with a notification to aggregate data prior tofinalizing the submission) to ensure that the sensitive data is notaccessible to the user of primary device 104. Notably, even ifunderlying data is decrypted, the tags still prevent the values of thesensitive data from being displayed on the primary device.

FIG. 3 shows a flowchart for transmitting a submission package forcombination with another submission package, in accordance with one ormore embodiments. For example, process 300 may represent the steps takenby peripheral device 102 (FIG. 1 ) to receive data from the useroperating peripheral device 102 (FIG. 1 ) and transmit a submissionpackage of that data to primary device 104 (FIG. 1 ).

At step 302, a first mobile device (e.g., peripheral device 102 (FIG. 1)) receives a first user input initiating a joint submission (e.g., amarriage certificate application for two people) with a second mobiledevice (e.g., primary device 104 (FIG. 1 )). For example, the firstmobile device may be associated with a user profile for a first user(e.g., a user profile established for the first person with a localgovernment) and the second mobile device is associated with a userprofile for a second user (e.g., a user profile established for thesecond person with the local government). The joint submission mayrequire a first portion of submission data associated with the firstuser and a second portion of submission data associated with the seconduser. For example, the joint submission may require a name, currentaddress, previous address, social security number, height, weight, knownalias, etc. To speed up the process of filling out the information forthe joint submission, the two people may initiate a joint submissionthrough the use of a joint submission application operating on the firstand second mobile devices.

At step 304, the first mobile device (e.g., peripheral device 102 (FIG.1 ) activates a temporary device session in response to a first userinput. For example, the first user input may have been the selection ofa link on a webpage which opens the joint submission application, aselection of a joint submission application icon on the mobile device,or may have been a link in an electronic communication received fromanother device (e.g., primary device 104 (FIG. 1 )). In response to thefirst user input, a temporary device session is activated. In someembodiments, as described in FIG. 5 below, the mobile device'sadditional security measures may be introduced (e.g., the user of QRcode).

At step 306, the first mobile device (e.g., peripheral device 102 (FIG.1 )) receives first user data. For example, while the temporary devicesession is active, a user operating the first mobile device may inputfirst user data into the first mobile device. This data (or thecategories of this data) may correspond to at least the first portion ofsubmission data. Additionally or alternatively, the first mobile devicemay retrieve first user data automatically (e.g., from the user profileestablished for the first user).

At step 308, the first mobile device verifies that the first user dataincludes the required first portion of submission data. For example, thefirst mobile device may verify that the data about the first user thatis required to complete the first submission has been entered. This stepmay include verifying that the first user has entered values intorequired fields. Additionally or alternatively, this step may includeverifying that a value (e.g., a value entered for the name of the firstuser) is correct. For example, the first mobile device may compare thename entered by the first user to the name of the first user in the userprofile. Additionally or alternatively, the first mobile device maycompare the name entered by the first user to a name of the first userentered by a user on the other device (e.g., primary device 104 (FIG. 1)) when the joint submission was being initiated. The first mobiledevice may then segment the required first portion of submission datainto sensitive data associated with the first user and non-sensitivedata associated with the first user. For example, the first user mayindicate that data related to weight is sensitive and therefore not wantthe other user to be able to view this data. Additionally oralternatively, the joint submission application may determine that thesocial security number is personally identifiable information andtherefore automatically designate this information as sensitive. Otherdata (e.g., the name of the first user) may be designated asnon-sensitive by the first user, joint submission application, etc. Itshould be noted that in some embodiments, the verification of data mayoccur remotely (e.g., as server 106 (FIG. 1 )). In such embodiments, thefirst mobile device transmits data for verification to the remotedevice. Alternatively or additionally, the first mobile device mayactivate another temporary device session between the first mobiledevice (e.g., peripheral device 102 (FIG. 1 )) and the remote device(e.g., server 106 (FIG. 1 )) along another communication path (e.g.,communication path 108 (FIG. 1 )).

At step 310, the first mobile device generates a first submissionpackage for the first mobile device in response to verifying that thefirst user data includes the required first portion of submission data.For example, in response to verifying that the first user data includesthe required first portion of submission data, the first mobile device(e.g., peripheral device 102 (FIG. 1 )) creates the first submissionpackage with the required first portion of submission data. Once thefirst submission package is created, the sensitive data associated withthe first user (e.g., sensitive data 120 (FIG. 2 )) is not viewable bythe second mobile device (although it may still be receivable and/oraccessible by the joint submission application), whereas thenon-sensitive data associated with the first user (e.g., non-sensitivedata 118 (FIG. 2 )) may be viewable by the second mobile device (andstill receivable and/or accessible by the joint submission application).

At step 312, the first mobile device transmits the first submissionpackage for combination with a second submission package for the secondmobile device. For example, the second submission package may includethe required second portion of submission data. Therefore, uponcombination of the first and second submission packages, the jointsubmission is complete. In some embodiments, the second mobile device(e.g., primary device 104 (FIG. 1 )) may generate the second submissionpackages via steps 306-310 on the second mobile device and/or a remotedevice (e.g., server 106 (FIG. 1 )).

It is contemplated that the steps or descriptions of FIG. 3 may be usedwith any other embodiment of this disclosure. In addition, the steps anddescriptions described in relation to FIG. 3 may be done in alternativeorders or in parallel to further the purposes of this disclosure. Forexample, each of these steps may be performed in any order or inparallel or substantially simultaneously to reduce lag or increase thespeed of the system or method. Furthermore, it should be noted that anyof the devices or equipment discussed in relation to FIGS. 1-2 could beused to perform one or more of the steps in FIG. 3 .

FIG. 4 shows a flowchart for generating a submission package for amobile device, in accordance with one or more embodiments. For example,process 400 may represent the steps taken by peripheral device 102 (FIG.1 ) to receive data from the user operating peripheral device 102 (FIG.1 ).

At step 402, the first mobile device (e.g., peripheral device 102 (FIG.1 )) receives first user data in response to a query to the first userfor a first portion of submission data. For example, the query mayappear as a notification on the first mobile device or a form withvarious fields requiring data input. In some embodiments, the fields forthe required data (i.e., data necessary to complete the first portion ofsubmission data and/or data in a category of the first portion ofsubmission data) may be highlighted as required. Additionally, the firstuser may be able to designate the types of data, or the data itself,that is sensitive and/or non-sensitive (as well as to whom the data issensitive).

At step 404, the first mobile device verifies whether or not thereceived first user data includes all of the data needed for the firstportion of the submission data. If so, process 400 continues to step 410to generate the first submission package. If not, process 400 continuesto step 406. For example, until the receipt of the first portion of thesubmission data is complete, the first mobile device may remain on adata input page or continually query a server (e.g., server 106 (FIG. 1)) for user data.

At step 406, the first mobile device determines whether or not it hasreceived first user data via a user input. For example, the first mobiledevice (e.g., peripheral device 102 (FIG. 1 )) may allow a user tomanually enter the first user data. The manual entry may be through theuse of a touchscreen (as in the case of a touchscreen mobile device) orother suitable input means. If the first mobile device determines thatfirst user data has been received via user input, process 400 returns tostep 404 to determine whether the received first user data includes allof the data needed for the first portion of the submission data. If thefirst mobile device determines that first user data has been receivedvia user input, process 400 continues to step 408.

At step 408, the first mobile device determines whether or not it hasreceived first user data from a user profile. For example, the firstmobile device (e.g., peripheral device 102 (FIG. 1 )) may automaticallypull the first user data from one or more user profiles of the firstuser. The first mobile device may perform the data pull automatically orrequire the user to log into a user account. If the first mobile devicedetermines that first user data has been received via the user profile,process 400 returns to step 404 to determine whether the received firstuser data includes all of the data needed for the first portion of thesubmission data. If the first mobile device determines that first userdata has not been received via the user profile, process 400 returns tostep 402 to query the first user.

At step 410, the first mobile device generates the first submissionpackage. For example, in response to verifying that the received firstuser data includes all of the data needed for the first portion of thesubmission data at step 402, process 400 proceeds to step 410.

It is contemplated that the steps or descriptions of FIG. 4 may be usedwith any other embodiment of this disclosure. In addition, the steps anddescriptions described in relation to FIG. 4 may be done in alternativeorders or in parallel to further the purposes of this disclosure. Forexample, each of these steps may be performed in any order or inparallel or substantially simultaneously to reduce lag or increase thespeed of the system or method. Furthermore, it should be noted that anyof the devices or equipment discussed in relation to FIGS. 1-2 could beused to perform one of more of the steps in FIG. 4 .

FIG. 5 shows a flowchart of the steps involved in initiating a temporarydevice session using QR codes, in accordance with one or moreembodiments. For example, FIG. 5 may correspond to the temporary devicesession established between a first mobile device (e.g., primary device104 (FIG. 1 )) and a second mobile device (e.g., peripheral device 102(FIG. 1 )) along communication path 112 (FIG. 1 ).

At step 502, a first mobile device (e.g., peripheral device 102 (FIG. 1)) receives a first user input initiating a joint submission (e.g., asublease agreement) with a second mobile device (e.g., primary device104 (FIG. 1 )). For example, the first mobile device may be associatedwith a user profile for a first user (e.g., a sub-lessor) and the secondmobile device is associated with a user profile for a second user (e.g.,a user profile established for the sub-lessor with the lessor). Thejoint submission may require a first portion of submission dataassociated with the first user and a second portion of submission dataassociated with the second user. For example, the joint submission mayrequire a name, current address, previous address, social securitynumber, etc.

At step 504, the first mobile device activates a Quick Response Code (QRcode) scanner at the first mobile device in response to the first userinput. For example, in order to initiate a temporary device session toshare data securely between the first and second mobile device, thefirst mobile device may be required to scan a QR code displayed on thefirst mobile device.

At step 506, the first mobile device interprets a QR code associatedwith the joint submission, which is displayed on the second mobiledevice, with the QR code scanner. For example, the QR code (or anothersuitable alphanumeric, matrix-based, or other code based scheme) maydisplay a QR code (e.g., QR code 114 (FIG. 1 )) that can be convertedinto a useful form by the first mobile device.

At step 508, the first mobile device activates a temporary devicesession between the first mobile device and the second mobile devicebased on the QR code. For example, while the temporary device session isactive, the first mobile device and second mobile device may shareinformation related to the joint submission. Additionally, the firstmobile device and second mobile device may gain access to other devices(e.g., server 106 (FIG. 1 )). For example, while a temporary devicesession is active, the first mobile device and second mobile device maybe able to securely transfer encrypted data (e.g., the respectivesubmission packages and/or other data) between each other and/or otherdevices.

At step 510, the first mobile device receives first user data from thefirst mobile device. For example, the first user data may be for a firstportion of submission data, which is needed to generate a firstsubmission package. In another example, the first mobile device mayreceive, a second user input modifying the first user data aftertransmitting the first submission package for combination with a secondsubmission package. For example, after the first user transmits thefirst submission package, the first user may wish to modify some data.The first mobile device then generates a modified first submissionpackage for transmitting to the second mobile device (e.g., primarydevice 104 (FIG. 1 ) of server 106 (FIG. 1 )).

At step 512, the first mobile device determines whether the temporarydevice session is active. For example, the first mobile device may testthe connection and/or ping the first mobile device or another device. Inresponse to determining that the temporary device session is active,process 500 continues to step 514 and verifies the first data. Inresponse to determining that the temporary device session is not active,process 500 continues to step 516 and activates the QR code scanner atthe first mobile device to interpret a new QR code associated with thejoint submission that will re-activate the temporary device session. Insome embodiments, either the first or second user may additionally oralternatively input data into their respective devices to re-activatethe temporary device session. For example, in response to interpreting anew QR code (or receiving a confirmation that the QR code has beenreceived and/or accepted), the first and/or second mobile device mayquery its respective users regarding re-activating the temporary devicesession. This query may introduce an additional security measure (e.g.,a request for a joint submission or temporary device session password).

It is contemplated that the steps or descriptions of FIG. 5 may be usedwith any other embodiment of this disclosure. In addition, the steps anddescriptions described in relation to FIG. 5 may be done in alternativeorders or in parallel to further the purposes of this disclosure. Forexample, each of these steps may be performed in any order or inparallel or substantially simultaneously to reduce lag or increase thespeed of the system or method. Furthermore, it should be noted that anyof the devices or equipment discussed in relation to FIGS. 1-2 could beused to perform one of more of the steps in FIG. 5 .

FIG. 6 shows a flowchart of the steps involved in initiating a jointsubmission using a QR code, in accordance with one or more embodiments.For example, process 600 may represent the steps taken by primary device104 (FIG. 1 ) upon receiving a submission package from aperipheraldevice 102 (FIG. 1 ).

At step 602, a mobile device (e.g., primary device 104 (FIG. 1 ))receives a first submission package. For example, the first submissionpackage may correspond to a submission package as generated using one ormore of the steps of process 400 (FIG. 4 ). For example, the firstsubmission package may have been generated by, and/or received from,another device (e.g., peripheral device 102 (FIG. 1 ) or server 106(FIG. 1 )).

At step 604, the mobile device generates a notification to be displayedon the mobile device that indicates that the first submission packagehas been received. For example, the notification may correspond tonotification 116 (FIG. 2 ) and may provide textual, video, and/or audiodata indicating that the submission package has been received. Thenotification may further include a portion of non-sensitive dataassociated with another user. For example, the notification may includenon-sensitive data (e.g., non-sensitive data 118 (FIG. 2 )). Thenon-sensitive data may include information regarding from whom or fromwhere the submission package was received, status information regardingthe joint submission, or may otherwise incorporate non-sensitive dataabout the other user into a message.

At step 606, the mobile device combines the first submission package anda second submission package into the joint submission. For example, themobile device (e.g., primary device 104 (FIG. 1 )) may combine thesubmission package received from the other device (or multiplesubmission packages received from multiple devices) into a jointsubmission package. For example, in some embodiments, the mobile devicemay receive one or more submission packages from multiple differentdevices. In some embodiments, the mobile device may directly combine thesubmission packages (e.g., using applications or components resident onthe mobile device) or the mobile devices may transmit the submissionpackages to another device (e.g., server 106 (FIG. 1 )) for combination.For example, the first submission package and/or the second submissionpackage may be transmitted (e.g., by the mobile device) to a server(e.g., server 106 (FIG. 1 )) for combination while the temporary devicesession is active. For example, in some embodiments, the firstsubmission package is stored at the server prior to the first submissionpackage and the second submission package being combined.

At step 608, the mobile device transmits a confirmation of the receipt.This confirmation may be transmitted to the device from which thesubmission package was received (e.g., peripheral device 102 (FIG. 1 ))and/or another device (e.g., server 106 (FIG. 1 )). For example, theconfirmation of receipt, in addition or in alternative to, alerting auser operating another device (e.g., peripheral device 106 (FIG. 1 ))that the submission package has been received may also includeinstructions for the joint submission application running on thatdevice. For example, the confirmation may cause the other device toperform additional functions and/or close the joint submissionapplication running on that device.

At step 610, the mobile device ends the temporary device session. Forexample, the mobile device may end the temporary device session that isactive along communication paths 108, 110, and/of 112 (FIG. 1 ). In someembodiments, the temporary device session may end upon the transmissionand/or receipt of the confirmation of step 608. For example, upontransmitting the confirmation, the mobile device may close the temporarydevice session. Likewise, upon receipt of the confirmation, the otherdevice may close the temporary device session (if it is still active).In some embodiments, the mobile device may end the temporary devicesession upon receipt of a portion of submission data from another device(e.g., peripheral device 102 (FIG. 1 ) and/or server 106 (FIG. 1 )) orupon submission of the joint submission package (e.g., to server 106(FIG. 1 )).

It is contemplated that the steps or descriptions of FIG. 6 may be usedwith any other embodiment of this disclosure. In addition, the steps anddescriptions described in relation to FIG. 6 may be done in alternativeorders or in parallel to further the purposes of this disclosure. Forexample, each of these steps may be performed in any order or inparallel or substantially simultaneously to reduce lag or increase thespeed of the system or method. Furthermore, it should be noted that anyof the devices or equipment discussed in relation to FIGS. 1-2 could beused to perform one of more of the steps in FIG. 6 .

The above-described example embodiments are presented for purposes ofexample and not of limitation, and the present disclosure is limitedonly by the claims which follow. Furthermore, it should be noted thatfeatures and limitations described in any one embodiment may be appliedto any other embodiment herein, and flowcharts or examples relating toone embodiment may be combined with any other embodiment in a suitablemanner, done in different orders, or done in parallel. In addition, thesystems and methods described herein may be performed in real-time. Itshould also be noted, the systems and/or methods described above may beapplied to, or used in accordance with, other systems and/or methods.

Additional example embodiments include:

1. A method comprising: receiving, at a first user device, a first userinput initiating a joint submission with a second user device, whereinthe first user device is associated with a user profile for a first userand the second user device is associated with a user profile for asecond user, and wherein the joint submission requires a first portionof submission data associated with the first user and a second portionof submission data associated with the second user; in response to thefirst user input, activating a temporary device session; and while thetemporary device session is active: receiving first user data; verifyingthat the first user data includes the required first portion ofsubmission data, wherein the required first portion of submission dataincludes sensitive data associated with the first user and non-sensitivedata associated with the first user; generating a first submissionpackage, wherein the first submission package includes the requiredfirst portion of submission data included in the first user data, andwherein the sensitive data associated with the first user is notviewable by the second user device, and wherein non-sensitive dataassociated with the first user is viewable by the second user device;and transmitting the first submission package for combination with asecond submission package that includes the required second portion ofsubmission data.2. The method of embodiment 1, wherein receiving the first user datacomprises: retrieving a first portion of the first user data from theuser profile for the first user; and receiving a second portion of thefirst user data through user inputs entered at the first user device.3. The method of embodiment 1 or 2, further comprising: segmenting thesensitive data associated with the first user into a first portion and asecond portion of sensitive data, wherein the first portion of sensitivedata is in a category of sensitive data that requires values of saidfirst portion of sensitive data to be aggregated with values ofsensitive data associated with the second user in a respective category,and wherein the second portion of sensitive data is in a category ofsensitive data that does not require its values to be aggregated withvalues of sensitive data associated with the second user in a respectivecategory.4. The method of any one of embodiments 1-3, wherein the firstsubmission package and the second submission package are combined into afinal submission package, and wherein the final submission package issubmitted to a server.5. The method of any one of embodiments 1-4, further comprising tagging,at the first user device, the sensitive data associated with the firstuser as receivable but not viewable by the second user device.6. The method of any one of embodiments 1-5, wherein activating thetemporary device session comprises: activating a Quick Response Code (QRcode) scanner at the first user device; scanning a QR code associatedwith the joint submission, which is displayed on the second user device,with the QR code scanner; and activating a temporary session between thefirst user device and the second user device.7. The method of any one of embodiments 1-6, wherein receipt of thefirst submission package by the second user device causes: anotification to be displayed on the second user device that indicatesthat the first submission package has been received, wherein thenotification includes a portion of the non-sensitive data associatedwith the first user.8. The method of any one of embodiments 1-7, wherein the firstsubmission package is transmitted to a server for combination with thesecond submission package while the temporary device session is active,and wherein the first submission package is stored prior to the firstsubmission package and the second submission package being combined.9. The method of any one of embodiments 1-8, further comprising:receiving, at the first user device, a second user input modifying thefirst user data after transmitting the first submission package forcombination with a second submission package; determining whether thetemporary device session is active; and in response to determining thatthe temporary device session is active, generating a modified firstsubmission package and transmitting the modified first submissionpackage.10. The method of any one of embodiments 1-8, further comprising:receiving, at the first user device, a second user input modifying thefirst user data after transmitting the first submission package forcombination with a second submission package; determining whether thetemporary device session is active; and in response to determining thatthe temporary device session is not active, activating the QR codescanner at the first user device to interpret a new QR code associatedwith the joint submission that will re-activate the temporary devicesession.10. A tangible, non-transitory, machine-readable medium storinginstructions that, when executed by a data processing apparatus, causethe data processing apparatus to perform operations comprising those ofany of embodiments 1-10.11. A system comprising: one or more processors; and memory storinginstructions that, when executed by the processors, cause the processorsto effectuate operations comprising those of any of embodiments 1-10.

What is claimed is:
 1. A system for facilitating a joint submission formultiple remote users in a computer environment, the system comprising:one or more processors; and a non-transitory, computer-readable storagemedium storing instructions that when executed by the one or moreprocessors cause the one or more processors to perform operationscomprising: receiving a communication generated by a first device usinga second device, wherein the first device is associated with a firstuser profile for a first user and the second device is associated with asecond user profile for a second user, and wherein the joint submissionrequires a first portion of submission data associated with the firstuser and a second portion of submission data associated with the seconduser; scanning a QR code associated with the joint submission, which isdisplayed on the first device, with a QR code scanner of the seconddevice; interpreting the QR code and converting the QR code intoinstructions for activating a temporary device session; generating asubmission package, wherein the submission package comprises the secondportion of submission data, including Personally IdentifiableInformation (PII) associated with the second user and non-PII associatedwith the second user, and wherein the PII associated with the seconduser is not viewable by the first device, and the non-PII associatedwith the second user is viewable by the first device; and transmitting,while the temporary device session is active, the submission package tothe first device.
 2. A method for facilitating a joint submission formultiple remote users in a computer environment, the method comprising:receiving a communication generated by a first device using a seconddevice, wherein the first device is associated with a first user profilefor a first user and the second device is associated with a second userprofile for a second user, and wherein the joint submission requires afirst portion of submission data associated with the first user and asecond portion of submission data associated with the second user;joining a temporary device session between the first device and seconddevice; generating a submission package, wherein the submission packagecomprises the second portion of submission data, including PersonallyIdentifiable Information (PII) associated with the second user andnon-PII associated with the second user, and wherein the PII associatedwith the second user is not viewable by the first device, and thenon-PII associated with the second user is viewable by the first device;and transmitting, while the temporary device session is active, thesubmission package to the first device.
 3. The method of claim 2,wherein joining the temporary device session comprises: scanning a QRcode associated with the joint submission, which is displayed on thefirst device, with a QR code scanner of the second device; andinterpreting the QR code and converting the QR code into instructionsfor activating the temporary device session.
 4. The method of claim 3,wherein joining the temporary device session further comprises: inresponse to interpreting the QR code, querying the second user; andactivating the temporary device session in response to receiving aninput.
 5. The method of claim 2, wherein generating the submissionpackage comprises: receiving, at the second device, second user data;verifying that the second user data includes the second portion ofsubmission data; and in response to verifying that the second user dataincludes the second portion of submission data, generating thesubmission package.
 6. The method of claim 2, further comprising:receiving, from the first device, a notification indicating a successfultransmission of the submission package; and ending, in response toreceiving the notification, the temporary device session.
 7. The methodof claim 2, wherein generating the submission package comprises:obtaining, at the second device, second user data; and segmenting thesecond user data into a first category of sensitive data and secondcategory of sensitive data, wherein the first category of sensitive datarequires its values to be aggregated with values of sensitive data ofthe first user, and wherein the second category of sensitive data doesnot require its values to be aggregated with values of sensitive data ofthe first user.
 8. The method of claim 2, further comprising: retrievingone or more preferences for segmenting second user data into one or morecategories; and segmenting the second user data into a non-sensitivecategory or a sensitive category based on the one or more preferences.9. The method of claim 2, further comprising: obtaining, automatically,second user data from the second user profile; and in response toobtaining the second user data, determining whether the second user dataincludes data needed for the second portion of the submission data. 10.The method of claim 2, further comprising: prompting, using the seconddevice, a login to a user account by the second user; and in response toobtaining second user data at the second device, determining whether thesecond user data includes data needed for the second portion of thesubmission data.
 11. The method of claim 2, further comprising:providing, via the second device, a query for the second user forobtaining second user data; and receiving, in response to the query,second user data at the second device.
 12. The method of claim 11,wherein providing the query comprises providing an indication of fieldsthat are required for the second portion of submission data.
 13. Themethod of claim 11, wherein receiving the second user data comprisesreceiving a user designation of data type of the second user data assensitive and/or non-sensitive data.
 14. A non-transitorycomputer-readable media for facilitating a joint submission for multipleremote users in a computer environment comprising instructions that,when executed by one or more processors, cause operations comprising:receiving a communication generated by a first device using a seconddevice, wherein the first device is associated with a user profile for afirst user and the second device is associated with a user profile for asecond user, and wherein the joint submission requires a first portionof submission data associated with the first user and a second portionof submission data associated with the second user; joining a temporarydevice session between the first device and second device; generating asubmission package, wherein the submission package comprises the secondportion of submission data, including Personally IdentifiableInformation (PII) associated with the second user and non-PII associatedwith the second user, and wherein the PII associated with the seconduser is not viewable by the first device, and the non-PII associatedwith the second user is viewable by the first device; and transmitting,while the temporary device session is active, the submission package tothe first device.
 15. The non-transitory computer-readable media ofclaim 14, wherein joining the temporary device session comprises:scanning a QR code associated with the joint submission, which isdisplayed on the first device, with a QR code scanner of the seconddevice; and interpreting the QR code and converting the QR code intoinstructions for activating the temporary device session.
 16. Thenon-transitory computer-readable media of claim 15, wherein joining thetemporary device session further comprises: in response to interpretingthe QR code, querying the second user; and activating the temporarydevice session in response to receiving an input.
 17. The non-transitorycomputer-readable media of claim 14, wherein generating the submissionpackage comprises: receiving, at the second device, second user data;verifying that the second user data includes the second portion ofsubmission data; and in response to verifying that the second user dataincludes the second portion of submission data, generating thesubmission package.
 18. The non-transitory computer-readable media ofclaim 14, the operations further comprising: receiving, from the firstdevice, a notification indicating a successful transmission of thesubmission package; and ending, in response to receiving thenotification, the temporary device session.
 19. The non-transitorycomputer-readable media of claim 14, wherein generating the submissionpackage comprises: segmenting second user data into a first category andsecond category of sensitive data, wherein the first category ofsensitive data requires its values to be aggregated with values ofsensitive data of the first user and the second category of sensitivedata does not require its values to be aggregated with values ofsensitive data of the first user.
 20. The non-transitorycomputer-readable media of claim 14, the operations further comprising:retrieving one or more preferences for segmenting second user data intoone or more categories; and segmenting second user data into anon-sensitive category or a sensitive category based on the one or morepreferences.